Developing a Methodology to Capture Cybersecurity Risks on the Shop Floor of a Truck Parts Manufacturer 

Providing a basis for smart and cost-efficient risk response decisions

The Challenge

For this project, involving a multi-national manufacturer of truck parts, Eraneos was hired to help create a defined methodology and process for executing a structured and comparable cybersecurity risk assessment.
 
The issue was that the organization owned a wide range of different operational technology (OT) devices that were used in its automotive production line. It had around 10,000 devices in its network, and more than 20 lines in one plant.

This project demonstrated a completely new approach to capturing cybersecurity risk on the shop floor while making cost-efficient risk response decisions.

The approach

We got to work by planning and creating a risk management (RM) process, covering all phases of RM. We also developed a methodology for a model-driven holistic shopfloor risk assessment, focusing on executability and resource optimization, while generating comparable results. 
 
At the same time, we introduced common criteria that were based on pre-rated risk scenarios, including an attack path and control catalog. This helped to simplify the execution of the risk assessment. Finally, we created a risk register, which was used to visualize a risk map. 

The client is a multi-national truck parts manufacturer and assembly group for one of the largest truck and commercial vehicle manufacturers in the world.

The result

In completing this project, Eraneos created an IEC 62443-tailored approach that allowed the truck parts manufacturer to model risks in a comparable manner (ISO 15408). The real impact is that this now gives the manufacturer a real price tag using a value stream.
 
Another great result is that the company’s production area is highly streamlined and organized in value streams following its pull material provisioning, which leaves little room for production outages caused by cyber-attacks. 
